Re: [Buildroot] [PATCH v2 1/1] package/openocd: bump to 0.12.0

[Thomas Petazzoni via buildroot <buildroot@buildroot.org>]

Hello Roman,

Thanks for this new iteration. I still have some concern about the
licensing, so I've added other maintainers in Cc.

On Tue, 14 Mar 2023 13:13:32 +0100
Roman Passler <roman.passler@gmail.com> wrote:

> diff --git a/package/openocd/openocd.hash b/package/openocd/openocd.hash
> index 91eb56d930..7f828172f1 100644
> --- a/package/openocd/openocd.hash
> +++ b/package/openocd/openocd.hash
> @@ -1,3 +1,15 @@
> -# From http://sourceforge.net/projects/openocd/files/openocd/0.11.0/
> -sha256  43a3ce734aff1d3706ad87793a9f3a5371cb0e357f0ffd0a151656b06b3d1e7d  openocd-0.11.0.tar.bz2
> -sha256  8177f97513213526df2cf6184d8ff986c675afb514d4e68a404010521b880643  COPYING
> +# From http://sourceforge.net/projects/openocd/files/openocd/0.12.0/
> +sha256  af254788be98861f2bd9103fe6e60a774ec96a8c374744eef9197f6043075afa  openocd-0.12.0.tar.bz2
> +sha256  1b8f7e37ee5afbbf95c2a4d62b12b25232e29538692663b434318503a9a88419  COPYING
> +sha256  0a37155eb8bc0cb94477a0cae4f030e39da9317374e8a9f597e9229fd09aff78  LICENSES/license-rules.txt
> +sha256  034da732b4f3079b8783fff756613c1cff89dec5ac80c5cdd90532b7539922a1  LICENSES/exceptions/eCos-exception-2.0
> +sha256  f3ba76203a7b6993db31f987559cc4c621ae1ff78119ced2a669756c2c5fd3b1  LICENSES/preferred/BSD-1-Clause
> +sha256  6313108c23efffa36948f8b2cff1560a5935373b527b0e1a837cc77e6ed1bacd  LICENSES/preferred/BSD-2-Clause
> +sha256  1483f15e9fddc73b5df0acab1c42d21ecd0bf6ade8a79179fb90c09f13d03dcd  LICENSES/preferred/BSD-2-Clause-Views
> +sha256  7a83b1aeb460458db9a4bd521d7f237c45b1650f6e60ea5ffc71e49472454de3  LICENSES/preferred/BSD-3-Clause
> +sha256  5cf024f6e3611d5c6fb98748d1a0ad99b8cf9ffe46f2d60fa10c299cd29e0a75  LICENSES/preferred/BSD-Source-Code
> +sha256  f35396f4095619f986736ca5e2976b313d381463a35c921c9ae677cc7eb83e28  LICENSES/preferred/GFDL-1.2
> +sha256  76515be2d7334a1a038f775238c9a4c2b37e19514248e5eea0434cdfee526f9d  LICENSES/preferred/gfdl-1.2.texi.readme
> +sha256  7d35bc44da7bb763022e3c2c32cfc0125dd222060bc50992420599d8e65f6c0a  LICENSES/preferred/GPL-2.0
> +sha256  323c587d0ccf10e376f8bf9a7f31fb4ca6078105194b42e0b1e0ee2bc9bde71f  LICENSES/preferred/MIT
> +sha256  9a41b56594cd89743ca72f188318c9871661847074dd16497ae0c695fe3ab9c9  LICENSES/stand-alone/GPL-3.0
> diff --git a/package/openocd/openocd.mk b/package/openocd/openocd.mk
> index 37a06ca848..95a7fd3c2a 100644
> --- a/package/openocd/openocd.mk
> +++ b/package/openocd/openocd.mk
> @@ -4,7 +4,7 @@
>  #
>  ################################################################################
>  
> -OPENOCD_VERSION = 0.11.0
> +OPENOCD_VERSION = 0.12.0
>  OPENOCD_SOURCE = openocd-$(OPENOCD_VERSION).tar.bz2
>  OPENOCD_SITE = http://sourceforge.net/projects/openocd/files/openocd/$(OPENOCD_VERSION)
>  OPENOCD_LICENSE = GPL-2.0+

Roman: one thing that isn't good is that you are not adding the new
license files in the OPENOCD_LICENSE_FILES variable, it makes the new
hashes quite useless.

Arnout, Peter, Yann: the COPYING file states that overall the OpenOCD
license is GPL-2.0+.

The doc is GFDL.

There are 3 files in contrib/ (apparently not installed in the
Buildroot context) which are under GPL-3.0+.

So, do we list all license files in <pkg>_LICENSE_FILES ? Even if in
fact we don't install anything that's under GFDL or GPL-3.0+ ? I'm
particularly concerned by the GPL-3.0+ of course, which is seen by some
companies as a red flag (for good or bad reasons, that's not the point
here). If our installation of OpenOCD does not include GPL-3.0+ code, I
think we should not mention that GPL-3.0+ code is distributed.

Your opinion?

Best regards,

Thomas
-- 
Thomas Petazzoni, co-owner and CEO, Bootlin
Embedded Linux and Kernel engineering and training
https://bootlin.com
_______________________________________________
buildroot mailing list
buildroot@buildroot.org
https://lists.buildroot.org/mailman/listinfo/buildroot